Every so often the requirement comes up to be able to give a colleague access to a specific folder hierarchy within my Exchange mailbox. As you may know, this is not easy to do using Outlook - it's fine for one folder but if there are a number of nested subfolders, you have to assign permissions to each of these individually. Life's just too short for that..!

The answer to this is a tool provided by Microsoft - the Microsoft Exchange Server Public Folder DAV-based Administration Tool - "PFDAVAdmin" for short. This is a very powerful tool which should be a key component of any Exchange Admin's toolkit. It can be downloaded from http://download.microsoft.com/download/2/f/0/2f0d72e2-a97a-49b6-879a-3b405cab017e/PFDAVAdmin.EXE. PFDAVAdmin is compatible with Exchange 2000, 2003 and 2007 (for Exchange 2010 it has been replaced by ExFolders).

PFDAVAdmin isn't limited to working with Public Folders as its name suggests. It allows you - among many other things - to propagate Exchange folder Access Control Entries (ACEs) down through a tree, much like you can do with NTFS.

However, as I do this so infrequently the one thing I can never remember is the syntax to use to specify my mailbox location, and the included documentation doesn't help that much - hence this blog post!

Once you have PFDAVAdmin installed and up and running (it needs .Net Framework 1.1 by the way), click File - Connect, and provide the appropriate details:

PFDAVAdmin Connect dialog

The key thing here being what you need to type into the Connection field. For "Specified mailbox", this needs to be in the format http://<mail_server_name>/exadmin/<your_email_domain>/mbx/<email_address>/ - in the above example this is "http://mailserver/exadmin/EMAILDOMAIN.COM/mbx/[email protected]/". Alternatively (assuming you have the necessary rights) you can select the option to connect to All Mailboxes and locate the mailbox in question that way, but of course you might not want to do this in a large organisation with thousands of Exchange mailboxes.

Once you have successfully connected and have PFDAVAdmin's view of the mailbox in front of you, follow these steps:

1. Right-click the desired folder and select Folder permissions

2. Click Add

3. Enter the alias for the user you wish to delegate access to (you will notice that this builds a nice LDAP query as you type) and click Search, followed by OK once the user is found and selected

4. Select the user in the list

5. Select the desired permissions

6. Finally, click Commit changes

So far, we have only set permissions on the selected (parent) folder, so now we need to propagate these down to all subfolders:

I’m glad you found the post useful. That certainly doesn’t seem to be very clearly documented, which is what prompted me to write the post in the first place, having forgotten what I did when I used PFDAVAdmin a few years before that..!